REST API Security Concerns

03-21-2023 11:47 AM
ScottCorwin
New Contributor III

I'm wondering what the thoughts are on whether there are security concerns about allowing REST services to be passed through a firewall to a secured network environment. I want to consume services published by public agencies (all published services use HTTPS but are public in nature and do not require authentication) into a highly secured environment where every outside connection allowed in or out is fairly well scrutinized. If this is not specific enough, I'm happy to add more information as it pertains. I'm trying to gain knowledge on this to communicate with an information security officer and network admins who are not hesitant to allow this.

 

Thanks for any insight to this topic.

2 Replies
Trevor_Hart
Occasional Contributor

So you are a consumer and not a provider?

Consuming a REST service is no different than visiting a web page in a browser. It's all done over HTTP(S), which is encrypted, and the result just happens to be JSON (text) and not HTML (also text).

Many websites use REST and JSON to supply data to the website, e.g. stock sites, weather sites.

If your security people are concerned with that, then the internet would basically be unusable.

If you were providing REST services from your environment, then that is another discussion point, as there are certain best practices you need to adhere to.

ScottCorwin
New Contributor III

In this case I am the consumer. Thanks for that way of describing it; I don't think I've been able to get it to that succinct before. You are correct with your assumption: the internet is largely unusable to this environment.
